Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Relationships
Parent process
Related files
updater26766.exe
Discount Buddy by Excellent Apps (Signed)
| Version: | 1000.1000.1000.1000 |
| MD5: | f2d8ba45fc17aed5ce41fcc3bc606310 |
| SHA1: | c52b69ae45622fd46b097a25dc69b8610b6ab325 |
| SHA256: | a3b404b2e9f6ad98507cfdbb2ad38d3b508bb85fd4e9017f3eabebd86cd2fe39 |
Warning 4 antivirus scanners has detected malware.
Overview
updater26766.exe is malware that executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). The file is digitally signed by Excellent Apps which was issued by the Thawte certificate authority (CA).
Details
| File name: | updater26766.exe |
| Publisher: | 215 Apps |
| Product name: | Discount Buddy |
| Description: | Discount Buddy exe |
| Typical file path: | C:\users\user\appdata\local\updater26766\updater26766.exe |
| Original name: | Discount Buddy.exe |
| File version: | 1000.1000.1000.1000 |
| Size: | 205.38 KB (210,312 bytes) |
| Certificate |
| Issued to: | Excellent Apps |
| Authority (CA): | Thawte |
| Effective date: | Tuesday, August 28, 2012 |
| Expiration date: | Thursday, August 29, 2013 |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Behaviors
Scheduled tasks
- Entry path '\Updater26766.exe'
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Updater26766.exe' → C:\users\user\appdata\Local\Updater26766\Updater26766.exe /extensionid=26766 /extensionname='Discount Buddy' /chromeid=fjbgonfbgjdmlkjofohofdjnakkfppge /stayidle /delay=300
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| ESET NOD32 |
7.8243 |
a variant of Win32/Toolbar.CrossRider.C |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0215 |
| Vba32 AntiVirus |
3.12.20.2 |
suspected of Trojan.Downloader.gen.h |
| VIPRE Antivirus |
16982 |
GamePlayLabs (v) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00021115% | |
| Kernel CPU: | 0.00012817% | |
| User CPU: | 0.00008298% | |
| Kernel CPU time: | 312 ms/min | |
| CPU cycles: | 16,900/sec | |
| Memory |
| Private memory: | 2.6 MB | |
| Private (maximum): | 3.28 MB | |
| Private (minimum): | 1.32 MB | |
| Non-paged memory: | 2.6 MB | |
| Virtual memory: | 86.17 MB | |
| Virtual memory (peak): | 93.92 MB | |
| Working set: | 3.2 MB | |
| Working set (peak): | 8.13 MB | |
| I/O |
| I/O read transfer: | 2 Bytes/sec | |
| I/O read operations: | 1/sec | |
| I/O write transfer: | 2 Bytes/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 7 Bytes/sec | |
| I/O other operations: | 1/sec | |
| Resource allocations |
| Threads: | 4 | |
| Handles: | 175 | |
| GUI GDI count: | 9 | |
| GUI GDI peak: | 9 | |
| GUI USER count: | 2 | |
| GUI USER peak: | 3 | |
Process properties
Threads
Averages
| Updater26766.exe (main module) |
| Total CPU: | 0.00014094% | |
| Kernel CPU: | 0.00010250% | |
| User CPU: | 0.00003844% | |
| CPU cycles: | 2,682/sec | |
| Memory: | 220 KB | |
| ntdll.dll |
| Total CPU: | 0.00007707% | |
| Kernel CPU: | 0.00005138% | |
| User CPU: | 0.00002569% | |
| CPU cycles: | 1,021/sec | |
| Memory: | 1.66 MB | |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
100.00% |
|
Distribution by country
United States installs about 100.00% of Discount Buddy.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Toshiba |
80.00% |
|
| Hewlett-Packard |
20.00% |
|
